package io.gravitee.common.util;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.util.io.pem.PemReader;

/* loaded from: input_file:io/gravitee/common/util/KeyStoreUtils.class */
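/**
 * Static helpers for building, loading, merging and inspecting {@link KeyStore} instances from
 * keystore files, base64 content or PEM material.
 *
 * <p>Every loader wraps any failure in an {@link IllegalArgumentException} that keeps the
 * original exception as its cause. A {@code null} password is treated as an empty password
 * throughout (see {@link #passwordToCharArray(String)}).
 */
public class KeyStoreUtils {
    public static final String TYPE_JKS = "JKS";
    public static final String TYPE_PEM = "PEM";
    public static final String TYPE_PKCS12 = "PKCS12";
    public static final String DEFAULT_ALIAS = "dummy-entry";
    public static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";

    // GeneralName tag for dNSName entries in a subjectAltName extension (RFC 5280).
    private static final int DNSNAME = 2;

    // 365 days (in milliseconds) before the moment this class is initialised. The value is computed
    // once per JVM, not per certificate. Presumably back-dated to tolerate clock skew; confirm.
    private static final Date DEFAULT_NOT_BEFORE = new Date(System.currentTimeMillis() - 31536000000L);

    // 9999-12-31T23:59:59Z: generated self-signed certificates effectively never expire.
    private static final Date DEFAULT_NOT_AFTER = new Date(253402300799000L);

    private static final int DEFAULT_KEY_LENGTH_BITS = 2048;
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
    private static final String DEFAULT_ALGORITHM = "RSA";

    /**
     * Loads a keystore of the given type from a file.
     *
     * <p>The path is opened as given, without any validation, so it must come from trusted
     * configuration. The stream is closed on both success and failure.
     *
     * @param type keystore type passed to {@link KeyStore#getInstance(String)}, e.g. {@link #TYPE_JKS}
     * @param path filesystem path of the keystore file
     * @param password keystore password; {@code null} is treated as empty
     * @return the loaded keystore
     * @throws IllegalArgumentException if the file cannot be read or parsed
     */
    public static KeyStore initFromPath(String type, String path, String password) {
        try (InputStream in = new File(path).toURI().toURL().openStream()) {
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(in, passwordToCharArray(password));
            return keyStore;
        } catch (Exception e) {
            throw new IllegalArgumentException(String.format("Unable to load keystore from path [%s]", path), e);
        }
    }

    /**
     * Loads a keystore of the given type from base64-encoded content.
     *
     * @param type keystore type passed to {@link KeyStore#getInstance(String)}
     * @param base64Content the keystore bytes, base64-encoded
     * @param password keystore password; {@code null} is treated as empty
     * @return the loaded keystore
     * @throws IllegalArgumentException if the content cannot be decoded or parsed
     */
    public static KeyStore initFromContent(String type, String base64Content, String password) {
        try {
            byte[] raw = Base64.getDecoder().decode(base64Content);
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(new ByteArrayInputStream(raw), passwordToCharArray(password));
            return keyStore;
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to get keystore from base64", e);
        }
    }

    /**
     * Creates an in-memory PKCS12 keystore holding a freshly generated RSA key pair and a
     * self-signed certificate for it, stored under {@link #DEFAULT_ALIAS}.
     *
     * <p>The certificate uses a 2048-bit RSA key, a SHA-256/RSA signature, a random 64-bit serial
     * number and the fixed validity window defined by the class constants. Because it is
     * self-signed, no peer will trust it unless it is pinned or imported explicitly.
     *
     * @param commonName value used as the CN of both subject and issuer
     * @param password password protecting the key entry; {@code null} is treated as empty
     * @return a keystore containing the single generated entry
     * @throws IllegalArgumentException if key or certificate generation fails
     */
    public static KeyStore initSelfSigned(String commonName, String password) {
        try {
            KeyStore keyStore = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
            keyStore.load(null, new char[0]);

            SecureRandom random = new SecureRandom();
            KeyPairGenerator generator = KeyPairGenerator.getInstance(DEFAULT_ALGORITHM);
            generator.initialize(DEFAULT_KEY_LENGTH_BITS, random);
            KeyPair keyPair = generator.generateKeyPair();
            PrivateKey privateKey = keyPair.getPrivate();

            // NOTE(review): commonName is concatenated into a DN string, so characters such as
            // ',', '+' or '=' are interpreted as DN syntax rather than as part of the CN. If the
            // value can come from outside trusted configuration, build the name from discrete
            // RDNs instead of parsing a string.
            X500Name subject = new X500Name("CN=" + commonName);

            JcaX509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                subject,
                new BigInteger(64, random),
                DEFAULT_NOT_BEFORE,
                DEFAULT_NOT_AFTER,
                subject,
                keyPair.getPublic()
            );
            X509CertificateHolder holder = certificateBuilder.build(
                new JcaContentSignerBuilder(DEFAULT_SIGNATURE_ALGORITHM).build(privateKey)
            );
            X509Certificate certificate = new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate(holder);

            // Sanity check: the signature must verify against the key we just generated.
            certificate.verify(keyPair.getPublic());

            keyStore.setEntry(
                DEFAULT_ALIAS,
                new KeyStore.PrivateKeyEntry(privateKey, new Certificate[] { certificate }),
                new KeyStore.PasswordProtection(passwordToCharArray(password))
            );
            return keyStore;
        } catch (Exception e) {
            // The decompiled original reused the base64 loader's message here, which pointed
            // troubleshooting at the wrong code path.
            throw new IllegalArgumentException("Unable to generate self-signed keystore", e);
        }
    }

    /**
     * Builds a PKCS12 keystore from pairs of PEM files. The i-th certificate file is paired with
     * the i-th private key file and stored under the alias {@code "dummy-entry-" + i}.
     *
     * @param certPaths paths of the PEM certificate (chain) files
     * @param keyPaths paths of the PEM private key files, in the same order as {@code certPaths}
     * @param password password for the keystore and for every key entry; {@code null} is treated as empty
     * @return the populated keystore
     * @throws IllegalArgumentException if the two lists differ in size or any file cannot be
     *     read or parsed
     */
    public static KeyStore initFromPems(List<String> certPaths, List<String> keyPaths, String password) {
        if (certPaths.size() != keyPaths.size()) {
            throw new IllegalArgumentException(
                String.format(
                    "Mismatch between number of certificates (%s) and number of private keys (%s)",
                    Integer.valueOf(certPaths.size()),
                    Integer.valueOf(keyPaths.size())
                )
            );
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
            char[] passwordChars = passwordToCharArray(password);
            keyStore.load(null, passwordChars);
            for (int i = 0; i < certPaths.size(); i++) {
                try (
                    InputStream certStream = new File(certPaths.get(i)).toURI().toURL().openStream();
                    InputStream keyStream = new File(keyPaths.get(i)).toURI().toURL().openStream()
                ) {
                    // Decode with an explicit charset so parsing does not depend on the
                    // platform default encoding.
                    PrivateKey privateKey = loadPemPrivateKey(new String(keyStream.readAllBytes(), StandardCharsets.UTF_8));
                    Certificate[] chain = loadPemCertificates(new String(certStream.readAllBytes(), StandardCharsets.UTF_8));
                    keyStore.setEntry(
                        DEFAULT_ALIAS + "-" + i,
                        new KeyStore.PrivateKeyEntry(privateKey, chain),
                        new KeyStore.PasswordProtection(passwordChars)
                    );
                }
            }
            return keyStore;
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to initialize keystore from pem certificate and private key", e);
        }
    }

    /**
     * Builds a PKCS12 keystore holding one key entry from PEM content given as strings.
     *
     * @param certPem PEM text containing the certificate (chain)
     * @param keyPem PEM text containing the private key
     * @param password password for the keystore and the key entry; {@code null} is treated as empty
     * @param alias alias for the entry; {@link #DEFAULT_ALIAS} is used when {@code null}
     * @return the populated keystore
     * @throws IllegalArgumentException if the PEM content cannot be parsed or stored
     */
    public static KeyStore initFromPem(String certPem, String keyPem, String password, String alias) {
        try {
            KeyStore keyStore = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
            Certificate[] chain = loadPemCertificates(certPem);
            PrivateKey privateKey = loadPemPrivateKey(keyPem);
            keyStore.load(null, passwordToCharArray(password));
            keyStore.setEntry(
                alias == null ? DEFAULT_ALIAS : alias,
                new KeyStore.PrivateKeyEntry(privateKey, chain),
                new KeyStore.PasswordProtection(passwordToCharArray(password))
            );
            return keyStore;
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to initialize keystore from pem certificate and private key", e);
        }
    }

    /**
     * Parses every X.509 certificate found in the given PEM text, in document order.
     *
     * <p>PEM objects that are not certificates are skipped. The certificates are only parsed:
     * no chain validation, expiry check or ordering check is performed here.
     *
     * @param pemContent PEM text to parse
     * @return the certificates found; an empty array when there is none
     * @throws Exception if the content cannot be read or a certificate cannot be converted
     */
    public static Certificate[] loadPemCertificates(String pemContent) throws Exception {
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider());
        List<X509Certificate> certificates = new ArrayList<>();
        try (PEMParser parser = new PEMParser(new PemReader(new StringReader(pemContent)))) {
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                if (pemObject instanceof X509CertificateHolder) {
                    X509Certificate certificate = converter.getCertificate((X509CertificateHolder) pemObject);
                    if (certificate != null) {
                        certificates.add(certificate);
                    }
                }
            }
        }
        return certificates.toArray(new X509Certificate[0]);
    }

    /**
     * Returns the first private key found in the given PEM text.
     *
     * <p>Reconstructed from the decompiler's instruction listing, which it could not turn back
     * into Java; verify against the original artifact. Only {@code PEMKeyPair} and
     * {@code PrivateKeyInfo} objects are converted, and every other PEM object is skipped.
     * Encrypted key objects therefore end in the "no private key" error, which means key files
     * consumed here are stored unencrypted and rely on filesystem permissions for protection.
     *
     * @param pemContent PEM text to parse
     * @return the first private key that converts successfully
     * @throws IOException if the PEM content cannot be read
     * @throws IllegalArgumentException if the content holds no supported private key
     */
    public static PrivateKey loadPemPrivateKey(String pemContent) throws IOException {
        JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
        try (PEMParser parser = new PEMParser(new PemReader(new StringReader(pemContent)))) {
            Object pemObject;
            while ((pemObject = parser.readObject()) != null) {
                PrivateKey privateKey = null;
                if (pemObject instanceof PEMKeyPair) {
                    privateKey = converter.getPrivateKey(((PEMKeyPair) pemObject).getPrivateKeyInfo());
                } else if (pemObject instanceof PrivateKeyInfo) {
                    privateKey = converter.getPrivateKey((PrivateKeyInfo) pemObject);
                }
                if (privateKey != null) {
                    return privateKey;
                }
            }
            throw new IllegalArgumentException("No private key found for the specified pem content.");
        }
    }

    /**
     * Converts a password to the {@code char[]} form the {@link KeyStore} API expects.
     *
     * @param password the password, possibly {@code null}
     * @return the password characters, or an empty array when {@code password} is {@code null};
     *     callers that require a real secret must reject {@code null} or empty values themselves
     */
    public static char[] passwordToCharArray(String password) {
        return password != null ? password.toCharArray() : new char[0];
    }

    /**
     * Returns the first alias the keystore enumerates.
     *
     * @param keyStore the keystore to inspect
     * @return the first alias, or {@code null} when the keystore is empty
     * @throws IllegalArgumentException if the aliases cannot be listed
     */
    public static String getDefaultAlias(KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            return aliases.hasMoreElements() ? aliases.nextElement() : null;
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to get default alias from keystore.", e);
        }
    }

    /**
     * Merges two keystores into a new PKCS12 keystore.
     *
     * @param first the first source keystore
     * @param second the second source keystore
     * @param password password used to read the source entries and protect the merged ones
     * @return a new keystore holding the entries of both sources
     * @throws IllegalArgumentException if the merge fails, including on a duplicate alias
     */
    public static KeyStore merge(KeyStore first, KeyStore second, String password) {
        return merge(Arrays.asList(first, second), password);
    }

    /**
     * Merges the given keystores into a new PKCS12 keystore.
     *
     * <p>The same password is used to read every source entry and to protect every merged
     * entry, so all sources must share it.
     *
     * @param keyStores the source keystores, copied in list order
     * @param password password shared by all source entries and applied to the result
     * @return a new keystore holding the entries of all sources
     * @throws IllegalArgumentException if any copy fails, including on a duplicate alias
     */
    public static KeyStore merge(List<KeyStore> keyStores, String password) {
        try {
            KeyStore merged = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
            merged.load(null, passwordToCharArray(password));
            for (KeyStore source : keyStores) {
                copy(source, merged, password);
            }
            return merged;
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to merge the 2 keystores", e);
        }
    }

    /**
     * Copies every entry of {@code source} into {@code destination}, keeping the aliases.
     *
     * <p>An alias already present in the destination is refused rather than overwritten. The
     * copy is not atomic: entries copied before a failure remain in the destination.
     *
     * @param source keystore to read from
     * @param destination keystore to write to
     * @param password password used to read each source entry and to protect each copied entry
     * @throws IllegalArgumentException if an entry cannot be read or written, or an alias collides
     */
    public static void copy(KeyStore source, KeyStore destination, String password) {
        try {
            // NOTE(review): the same PasswordProtection is applied to every alias. Entries that
            // are not password-protected (e.g. trusted certificates) may be rejected by the
            // keystore implementation; confirm this is only used with key entries.
            KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(passwordToCharArray(password));
            Enumeration<String> aliases = source.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                KeyStore.Entry entry = source.getEntry(alias, protection);
                if (destination.containsAlias(alias)) {
                    throw new IllegalArgumentException(
                        String.format("The alias [%s] is present in both keystores. Aliases must be unique.", alias)
                    );
                }
                destination.setEntry(alias, entry, protection);
            }
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to copy source keystore into destination keystore", e);
        }
    }

    /**
     * Maps each certificate name in the keystore to the alias that holds it.
     *
     * <p>For every X.509 certificate the first CN of the subject and every dNSName subject
     * alternative name become keys, with the alias as value. Names are stored exactly as they
     * appear in the certificate. When the same name occurs under several aliases, the alias
     * enumerated last wins, so callers that select a certificate by host name should keep names
     * unique across entries.
     *
     * @param keyStore the keystore to inspect
     * @return a map from CN/SAN name to keystore alias
     * @throws IllegalArgumentException if the keystore or a certificate cannot be read
     */
    public static Map<String, String> getCommonNamesByAlias(KeyStore keyStore) {
        try {
            Map<String, String> aliasByName = new HashMap<>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(alias);
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509Certificate = (X509Certificate) certificate;

                RDN[] commonNames = new JcaX509CertificateHolder(x509Certificate).getSubject().getRDNs(BCStyle.CN);
                if (commonNames.length > 0) {
                    aliasByName.put(IETFUtils.valueToString(commonNames[0].getFirst().getValue()), alias);
                }

                Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
                if (subjectAlternativeNames != null) {
                    for (List<?> alternativeName : subjectAlternativeNames) {
                        // Each entry is [type tag, value]; only dNSName entries are indexed.
                        if (((Integer) alternativeName.get(0)).intValue() == DNSNAME) {
                            aliasByName.put(alternativeName.get(1).toString(), alias);
                        }
                    }
                }
            }
            return aliasByName;
        } catch (Exception e) {
            throw new IllegalArgumentException("Unable to extract CN/SAN from keystore.", e);
        }
    }
}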
